Oct 16 2003

Can you count to seven?

Published by Martin at 12:36 pm under Microsoft

Microsoft can! They released seven patches yesterday, 5 for ‘Critical’ vulnerabilities, 2 for ‘Important’ vulnerabilities. Wow, that may be a record, even for them. How many of these vulnerabilities already have exploits existing in the wild? And they haven’t even addressed the assertion that came out earlier this week that systems patched against the RPC/DCOM vulnerability may still be attackable.

If you work in IT, I hope you have the time to test all of these patches before pushing them out. These are ‘remote code execution’ vulnerabilities, so if the hacker can exploit them, your box is ‘0wn3d’. And if you don’t work in IT, you’d better update the patches on your box and hope for the best.

Here are links to the Microsoft website for each of the vulnerabilities. Good luck.

MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

MS03-042 : Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)

MS03-043 : Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)

MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

MS03-046 : Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (822363)

MS03-047 : Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)
